tech-kern archive


Re: Removal of some KAUTH_GENERIC_ISSUSER (pass 1)



On Apr 11,  9:30pm, elad%NetBSD.org@localhost (Elad Efrat) wrote:
-- Subject: Re: Removal of some KAUTH_GENERIC_ISSUSER (pass 1)

| Christos Zoulas wrote:
| 
| >> Any comments regarding the rest of the diff?
| > 
| > The diff looks fine, but (in the non-diff case) I would prefer in the
| > default cases to deny instead.
| 
| This is beyond the scope of this thread, but--
| 
| The default result is "defer", and if the listener wants to explicitly
| allow, it returns "allow". If, eventually, no listener returns "allow",
| or at least one listener returns "deny", the operation is denied.
| 
| Do you want to change this logic? (if yes, why?)

Look for default: in secmodel_44_suser.c. There are a lot of DEFER's
but there are a couple of ALLOWS and quite a few that do nothing.
I think that all the defaults should be treated the same way or there
should be a big fat comment explaining why this is not the case :-)

christos
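
The allow/deny/defer aggregation discussed in this thread, as an added example that is not part of the original message and is not NetBSD source: a simplified C model showing how the value returned by a listener's `default:` case changes the final decision. All names (`R_DEFER`, `authorize`, `default_defer`, `default_allow`, `veto_nonroot`, the sample actions) are hypothetical.

```c
#include <stddef.h>

/* Simplified model of the logic described in the thread; not NetBSD source.
 * Every name below is hypothetical, and the actions are constructed samples. */
enum result { R_DEFER, R_ALLOW, R_DENY };
enum action { ACT_HANDLED, ACT_UNHANDLED };
typedef enum result (*listener_fn)(enum action, int is_root);

/* Listener whose default case defers: no opinion on actions it does not know. */
static enum result default_defer(enum action a, int is_root)
{
    switch (a) {
    case ACT_HANDLED: return is_root ? R_ALLOW : R_DEFER;
    default:          return R_DEFER;
    }
}

/* Same listener, except the default case allows. */
static enum result default_allow(enum action a, int is_root)
{
    switch (a) {
    case ACT_HANDLED: return is_root ? R_ALLOW : R_DEFER;
    default:          return R_ALLOW;
    }
}

/* A second listener that denies every request from non-root. */
static enum result veto_nonroot(enum action a, int is_root)
{
    (void)a;
    return is_root ? R_DEFER : R_DENY;
}

/* Listener chains: pass n = 1 to consult only the first entry. */
const listener_fn with_defer[] = { default_defer, veto_nonroot };
const listener_fn with_allow[] = { default_allow, veto_nonroot };

/* Permitted (1) only if no listener denies and at least one allows. */
int authorize(const listener_fn *ls, size_t n, enum action a, int is_root)
{
    int allowed = 0;
    for (size_t i = 0; i < n; i++) {
        enum result r = ls[i](a, is_root);
        if (r == R_DENY) return 0;      /* a single deny is final */
        if (r == R_ALLOW) allowed = 1;
    }
    return allowed;                     /* all defers: denied */
}
```

With a single listener, an unhandled action from a non-root caller is denied when the default case defers and permitted when it allows; only another listener's explicit deny reverses the latter.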

